Think-authz 是一个专为ThinkPHP6.0打造的授权(角色和权限控制)工具
它基于 Casbin, 一个强大的、高效的开源访问控制框架,它支持基于各种访问控制模型的权限管理。
在这之前,你需要了解 Casbin
的相关知识.
使用composer
安装:
composer require casbin/think-authz
注册服务,在应用的全局公共文件service.php中加入:
return [
// ...
tauthz\TauthzService::class,
];
发布配置文件和数据库迁移文件:
php think tauthz:publish
这将自动生成 config/tauthz-rbac-model.conf
和 config/tauthz.php
文件。
执行迁移工具(确保数据库配置信息正确):
php think migrate:run
这将创将创建名为 rules
的表。
安装成功后,可以这样使用:
use tauthz\facade\Enforcer;
// adds permissions to a user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
// adds permissions to a rule
Enforcer::addPolicy('writer', 'articles','edit');
You can check if a user has a permission like this:
// to check if a user has permission
if (Enforcer::enforce("eve", "articles", "edit")) {
// permit eve to edit articles
} else {
// deny the request, show an error
}
It provides a very rich api to facilitate various operations on the Policy:
Gets all roles:
Enforcer::getAllRoles(); // ['writer', 'reader']
Gets all the authorization rules in the policy.:
Enforcer::getPolicy();
Gets the roles that a user has.
Enforcer::getRolesForUser('eve'); // ['writer']
Gets the users that has a role.
Enforcer::getUsersForRole('writer'); // ['eve']
Determines whether a user has a role.
Enforcer::hasRoleForUser('eve', 'writer'); // true or false
Adds a role for a user.
Enforcer::addRoleForUser('eve', 'writer');
Adds a permission for a user or role.
// to user
Enforcer::addPermissionForUser('eve', 'articles', 'read');
// to role
Enforcer::addPermissionForUser('writer', 'articles','edit');
Deletes a role for a user.
Enforcer::deleteRoleForUser('eve', 'writer');
Deletes all roles for a user.
Enforcer::deleteRolesForUser('eve');
Deletes a role.
Enforcer::deleteRole('writer');
Deletes a permission.
Enforcer::deletePermission('articles', 'read'); // returns false if the permission does not exist (aka not affected).
Deletes a permission for a user or role.
Enforcer::deletePermissionForUser('eve', 'articles', 'read');
Deletes permissions for a user or role.
// to user
Enforcer::deletePermissionsForUser('eve');
// to role
Enforcer::deletePermissionsForUser('writer');
Gets permissions for a user or role.
Enforcer::getPermissionsForUser('eve'); // return array
Determines whether a user has a permission.
Enforcer::hasPermissionForUser('eve', 'articles', 'read'); // true or false
敬请期待...
敬请期待...
敬请期待...
Casbin . You can find the full documentation of Casbin on the website.
This project is licensed under the Apache 2.0 license.